The vulnerability exists due to improper design of the ASP application server. The administration application server exists as a stand-alone service that listens on TCP port 5102. By connecting directly to this service and making requests, attackers are able to bypass authentication mechanisms introduced by the administration HTTP server.

Analysis:
Exploitation allows an attacker to bypass authentication restrictions imposed by the HTTP server. No authentication is required to communicate with the affected administration application server. The attacker only needs to be able to establish a session with the administration application server on TCP port 5102.

Workaround:
In order to prevent exploitation of this vulnerability, disable the administration server by executing the following command as the 'root' user.
# /opt/casp/admtool -e

These vulnerabilities exist within several ASP applications that execute shell commands. The problem lies in the fact that these applications do not filter or escape the parameters passed to these commands. By inserting shell meta-characters into an HTTP request, an attacker is able to execute arbitrary shell commands.
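An added illustration of the missing control, written in C rather than an ASP scripting language; it is not code from the advisory or the product. The parameter is checked against an allowlist and handed to the program as a single argv entry, so no shell parses it. The function names, the 64-byte limit and `/bin/echo` are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allowlist: letters, digits, '.', '-', '_'; 1..64 bytes; no leading '-'. */
int param_is_safe(const char *p)
{
    size_t i, n;

    if (p == NULL) return 0;
    n = strlen(p);
    if (n == 0 || n > 64 || p[0] == '-') return 0;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)p[i];
        if (!isalnum(c) && c != '.' && c != '-' && c != '_') return 0;
    }
    return 1;
}

/* Run prog with one argument and no shell; returns exit status, or -1. */
int run_with_param(const char *prog, const char *param)
{
    pid_t pid;
    int status;

    if (!param_is_safe(param)) return -1;   /* rejected before any fork */
    pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)prog, (char *)param, NULL };
        execv(prog, argv);                  /* argv is never re-parsed */
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed inputs; /bin/echo stands in for the real helper program. */
    printf("%d\n", run_with_param("/bin/echo", "web01.example"));
    printf("%d\n", run_with_param("/bin/echo", "web01;id"));
    return 0;
}
```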

Analysis:
Exploitation allows an attacker to execute arbitrary shell commands with elevated privileges. Since this server runs with root privileges, an attacker could gain complete control of the affected system.

Note that authentication is required to reach these ASP applications via the administration server on TCP port 5100. However, several methods of bypassing and circumventing authentication have been discovered, rendering that requirement irrelevant.

Workaround:
Removing the affected ASP applications from the system can prevent exploitation of these vulnerabilities.

Additionally, using firewalls to limit access to the administration server (TCP port 5100) and the ASP application server (TCP port 5102) can help mitigate these issues.

The vulnerability exists within the request handling code within the ASP server. An attacker-supplied string is copied into a fixed-size stack buffer without first validating that there is sufficient space available. By supplying a specially crafted request, an attacker can cause a stack-based buffer overflow.
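The length validation whose absence is described above, as an added C example that is not code from the advisory or the product. The advisory does not say which request field is affected or how large the buffer is, so the request-target field, `URI_MAX` and all names here are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define URI_MAX 128   /* hypothetical buffer size */

enum parse_status { PARSE_OK = 0, PARSE_MALFORMED = -1, PARSE_TOO_LONG = -2 };

/* Copy the target out of "METHOD SP target SP version" into out.
 * The length is checked against out_size before any byte is copied. */
int extract_target(const char *line, size_t line_len, char *out, size_t out_size)
{
    const char *sp1, *sp2;
    size_t n;

    if (line == NULL || out == NULL || out_size == 0)
        return PARSE_MALFORMED;
    sp1 = memchr(line, ' ', line_len);
    if (sp1 == NULL)
        return PARSE_MALFORMED;
    sp1++;                                   /* first byte of the target */
    sp2 = memchr(sp1, ' ', line_len - (size_t)(sp1 - line));
    if (sp2 == NULL || sp2 == sp1)
        return PARSE_MALFORMED;
    n = (size_t)(sp2 - sp1);
    if (n >= out_size)                       /* leave room for the NUL */
        return PARSE_TOO_LONG;
    memcpy(out, sp1, n);
    out[n] = '\0';
    return PARSE_OK;
}

int main(void)
{
    char target[URI_MAX];                    /* fixed-size stack buffer */
    const char *line = "GET /app/page.asp HTTP/1.0";   /* constructed sample */
    int rc = extract_target(line, strlen(line), target, sizeof target);

    printf("%d %s\n", rc, rc == PARSE_OK ? target : "(rejected)");
    return 0;
}
```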

Analysis:
Exploitation allows an attacker to execute arbitrary code in the context of the ASP server. This vulnerability can be reached from a normal web server, usually on TCP port 80, configured to pass requests for ASP applications through the ASP server. No authentication is required to exploit this vulnerability. If this service is configured to run with root privileges it is possible to gain complete control over the affected system.

Workaround:
iDefense is currently unaware of any effective workaround for this issue.

However, configuring the ASP server to run with reduced privileges can help prevent a complete compromise. This can be accomplished via the "Inherit user security" setting or setting a user and group to run with when using the "Defined user security" mode.

Both vulnerabilities exist within ASP applications included with the product. When accessed via the administration server, the ASP engine does not prevent directory traversal using the "../" construct. By supplying a specially crafted HTTP request to one of the affected ASP applications, an attacker is able to read from arbitrary files.

One of the applications will disclose only the first and third lines of the file. Once the application is finished processing the file, it will delete it.

Analysis:
Exploitation allows an attacker to gain sensitive information from the server. No authentication is required to reach the affected ASP applications. The attacker only needs to be able to establish a session with the administration server on TCP port 5100.

Since the server process runs with root privileges, an attacker could obtain the contents of, or delete, any file on the system. It is interesting to note that attempting to exploit these vulnerabilities via the web server results in an error as shown below.

This vulnerability exists due to the placement of the password and configuration data within the application server root directory. By making requests for specific, sensitive documents an attacker could obtain the configuration or password hashes of allowed users.

Analysis:
Exploitation allows an attacker to gain sensitive information from the server. No authentication is required to reach the affected ASP applications. The attacker only needs to be able to establish a session with the administration server on TCP port 5100.

Workaround:
In order to prevent exploitation of this vulnerability, disable the administration server by executing the following command as the 'root' user.

The vulnerability exists within a file included by several ASP applications. This file provides a function that will write the contents contained within its first parameter to a file specified by its second parameter. Several ASP applications allow an attacker to control both the content and the location of the file written.

Analysis:
Exploitation allows an attacker to create, or append to, arbitrary files on the system with root privileges. No authentication is required to reach the affected ASP applications. The attacker only needs to be able to establish a session with the administration server on TCP port 5100.
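Both the "../" traversal described earlier and the attacker-controlled file location described above come down to a path that is never confined to a base directory. The following C helper is an added example, not code from the advisory or the product; the root `/srv/approot` and the function name are assumptions, and resolution is lexical only, so symbolic links are not followed.

```c
#include <stdio.h>
#include <string.h>

/* Join rel onto root (no trailing slash), resolving "." and ".." lexically.
 * Returns 0 with the result in out, or -1 if rel is absolute, climbs above
 * root, or does not fit in out_size bytes. On failure the contents of out
 * are unspecified. */
int resolve_under_root(const char *root, const char *rel, char *out, size_t out_size)
{
    size_t root_len, len;
    const char *p;

    if (root == NULL || rel == NULL || out == NULL) return -1;
    root_len = strlen(root);
    if (rel[0] == '/' || root_len == 0 || root_len >= out_size) return -1;
    memcpy(out, root, root_len + 1);
    len = root_len;

    for (p = rel; *p != '\0'; ) {
        size_t seg = strcspn(p, "/");
        if (seg == 0 || (seg == 1 && p[0] == '.')) {
            /* empty segment or "." contributes nothing */
        } else if (seg == 2 && p[0] == '.' && p[1] == '.') {
            if (len == root_len) return -1;      /* would leave the root */
            while (out[len - 1] != '/') len--;   /* drop the last segment */
            out[--len] = '\0';                   /* and its slash */
        } else {
            if (len + 1 + seg >= out_size) return -1;
            out[len++] = '/';
            memcpy(out + len, p, seg);
            len += seg;
            out[len] = '\0';
        }
        p += seg;
        if (*p == '/') p++;
    }
    return 0;
}

int main(void)
{
    char path[256];
    /* Constructed request parameter that tries to climb out of the root. */
    int rc = resolve_under_root("/srv/approot", "../../etc/hosts", path, sizeof path);

    printf("%d\n", rc);
    return 0;
}
```

Call it after the request parameter has been URL-decoded, and open the returned path rather than the raw parameter, for reads and writes alike.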

Workaround:
In order to prevent exploitation of this vulnerability, disable the administration server by executing the following command as the 'root' user.